AMENDMENTS TO THE CLAIMS:

This listing of the claims will replace all prior versions, and listings, of the claims in this 
application. 

Listing of Claims: 

1. (Currently Amended) A method, comprising:

performing an automated security scan of a second network device by a first network 
device to determine at least one of a hardware or software capability of the second network 
device; 

determining an attribute for the second network device based, in part, on the determined 
capability; 

generating an attribute certificate for the second network device based in part on the 
attribute; 

storing the attribute certificate including the attribute on a device other than the second 
network device; and 

receiving, at the first network device, an authentication request from the second network 
device for access to a resource over a network; 

verifying the authentication request from the second network device, or else terminating 
communication with the second network device; 

responsive to [[a verified]] verifying the authentication request from the second network
device [[for access to a resource over a network]], the first network device requesting and receiving
from the other device the stored attribute certificate for the second network device; and

the first network device determining whether the [[stored]] received attribute certificate for
the second network device is valid, where if the [[stored]] attribute certificate is determined valid,
authorizing access to the resource over the network based, in part, on the attribute associated with
the attribute certificate, or else [[denying access to the resource for]] terminating communication
with the second network device.



2. (Canceled).

3. (Original) The method of claim 1, wherein the attribute is further determined based, in part, on
a condition to be satisfied.

4. (Currently Amended) The method of claim 1, wherein the [[attribute is further associated]] with a
group of network devices where the validity of the received attribute certificate is based on
factors comprising at least one of a date range of the attribute certificate, a digital signature on the
attribute certificate, and a comparison of an identity listed in the attribute certificate with the
verified authentication request.

5. (Currently Amended) The method of claim 1, wherein the attribute is further associated with at
least one of a group of users and a group of network devices.

6. (Previously Presented) The method of claim 1, wherein the attribute certificate is generated by
at least one of the first network device, an access server, and an attribute authority. 

7. (Currently Amended) The method of claim 1, wherein the attribute certificate is stored in at 
least one of the first network device, and an attribute repository. 

8. (Original) The method of claim 7, wherein the attribute certificate is provided to an access 
server through the use of at least one of a cookie, a program, and a manual upload. 

9. (Currently Amended) An apparatus, comprising: 

an interface configured to perform an automated security scan of a network device to 
determine at least one of a hardware or software capability of the network device; 

a processor configured to determine an attribute for the network device based, in part on 
the determined capability; 

the processor further configured to generate an attribute certificate for the network device 
based, in part, on the attribute; 

a memory the interface configured to store the attribute certificate including the attribute 
on a device other than the network device; and

the processor configured to receive an authentication request from the network device for 
access to a resource over a network; 

the processor configured to verify the authentication request from the network device, or 
else to terminate communication with the network device; 

responsive to [[a verified]] verifying the authentication request from the network device [[for
access to a resource over a network]], the processor and the interface [[further]] are configured to
request and receive from the other device the stored attribute certificate for the network device;
and

the processor is configured to determine whether the [[stored]] received attribute certificate
for the network device is valid, where if the [[stored]] attribute certificate is determined valid, the
processor is configured to authorize access to the resource over the network based, in part, on the
attribute associated with the attribute certificate, or else to [[deny access to the resource for]]
terminate communication with the network device.

10. (Previously Presented) The apparatus of claim 9, wherein the processor is further configured
to generate the attribute certificate based on a condition to be satisfied.

11. (Canceled).

12. (Currently Amended) The apparatus of claim 9, wherein [[the processor is further configured to
generate the attribute certificate based on the automated security scan of the network device]] the
validity of the received attribute certificate is based on factors comprising at least one of a date
range of the attribute certificate, a digital signature on the attribute certificate, and a comparison
of an identity listed in the attribute certificate with the verified authentication request.

13. (Previously Presented) The apparatus of claim 9, wherein the interface is further configured 
to send the attribute certificate to an attribute repository to be stored. 

14. (Currently Amended) A device for managing authorization to a resource over a network, 
comprising:

means for performing an automated security scan of a network device to determine at 
least one of a hardware or software capability of the network device; 

means for determining an attribute for the network device based, in part, on the 
determined capability of the network device; 

means for generating an attribute certificate for the network device, wherein the attribute 
certificate is based in part on the attribute; 

means for storing the attribute certificate on a device other than the network device; and 

means for receiving an authentication request from the network device for access to a 
resource over the network; 

means for verifying the authentication request from the network device, or else 
terminating communication with the network device; 

means responsive to [[a verified]] verifying the authentication request from the network
device [[for access to a resource over a network]] for [[determining whether]] requesting and receiving
from the other device the stored attribute certificate for the network device;

means for determining whether the [[stored]] received attribute certificate for the network
device is valid, where if the stored attribute certificate is determined valid, and

means for authorizing access to the resource over the network based, in part, on the
attribute associated with the attribute certificate, or else for [[denying access to the resource for]]
terminating communication with the network device.

15. (Previously Presented) The device of claim 14, where the means to perform an automated 
scan comprises an interface; and the means for determining, generating, storing, and means 
responsive comprises a central processing unit coupled to the interface and further coupled to a 
memory. 

16. (Currently Amended) A computer readable medium encoded with a computer program 
executable by a processor to perform actions comprising: 

performing an automated security scan of a network device to determine at least one of a 
hardware or software capability of the network device;

determining an attribute for the network device based, in part, on the determined
capability;

generating an attribute certificate for the network device based in part on the attribute;

storing the attribute certificate including the attribute on a device other than the network
device; and 

receiving an authentication request from the network device for access to a resource over 
a network; 

verifying the authentication request from the network device, or else terminating 
communication with the network device; 

responsive to a verified authentication request from the network device [[for access to a
resource over a network]], requesting and receiving from the other device the stored attribute
certificate for the network device; and

determining whether the stored received attribute certificate for the network device is
valid, where if the [[stored]] attribute certificate is determined valid, authorizing access to a resource
over a network based, in part, on the attribute associated with the attribute certificate, or else [[for
denying access to the resource for]] terminating communication with the network device.
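
The request-handling steps recited in claim 1, with the three validity factors listed in claim 4, sketched as an added example that is not part of the filing. All names, the sample data and the policy table are assumptions; an HMAC stands in for the digital signature, and an attribute that does not satisfy the policy is treated as a denial.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Assumption: an HMAC under a constructed key stands in for the attribute
# authority's digital signature; a real deployment would use asymmetric keys.
AA_KEY = b"constructed-demo-key"

def _sign(body):
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(AA_KEY, data, hashlib.sha256).hexdigest()

def issue_certificate(holder, attribute, not_before, not_after):
    """Build a toy attribute certificate from a scan-derived attribute."""
    body = {"holder": holder, "attribute": attribute,
            "not_before": not_before.isoformat(),
            "not_after": not_after.isoformat()}
    return {"body": body, "signature": _sign(body)}

def certificate_valid(cert, verified_identity, now):
    """Apply the three validity factors: signature, date range, identity."""
    body = cert["body"]
    if not hmac.compare_digest(cert["signature"], _sign(body)):
        return False
    start = datetime.fromisoformat(body["not_before"])
    end = datetime.fromisoformat(body["not_after"])
    if not start <= now <= end:
        return False
    return body["holder"] == verified_identity

def handle_request(identity, secret, resource, credentials, repository, policy, now):
    """Return 'authorize', 'deny' or 'terminate' for one access request."""
    expected = credentials.get(identity, "")
    if not hmac.compare_digest(expected.encode(), secret.encode()):
        return "terminate"              # authentication request not verified
    cert = repository.get(identity)     # fetched from the other device
    if cert is None or not certificate_valid(cert, identity, now):
        return "terminate"              # missing or invalid certificate
    # Assumption: a valid certificate whose attribute does not satisfy the
    # resource's policy yields a denial rather than termination.
    return "authorize" if cert["body"]["attribute"] in policy.get(resource, ()) else "deny"

# Constructed sample data (not from the filing)
UTC = timezone.utc
CREDENTIALS = {"laptop-17": "s3cret"}
REPOSITORY = {"laptop-17": issue_certificate(
    "laptop-17", "patched-os", datetime(2024, 1, 1, tzinfo=UTC), datetime(2024, 12, 31, tzinfo=UTC))}
POLICY = {"payroll-db": {"patched-os"}}
```
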